General

  • Target

    d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416

  • Size

    4.2MB

  • Sample

    240420-nngheafe78

  • MD5

    9e5dda19cec5642bbba30d86beb37242

  • SHA1

    69515a84159df9186bf7ebcfa4f8b645030b0858

  • SHA256

    d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416

  • SHA512

    9f4b681ec768d08091c437d07386ee3b05d3044cb57823aa7218aa2db36fbb95cff09067943ff98831c982964c4da127d7c8dbd5768643a74795cc486bdc0c84

  • SSDEEP

    98304:qExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nR/:qMby0Sruak17xwW

Malware Config

Targets

    • Target

      d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416

    • Size

      4.2MB

    • MD5

      9e5dda19cec5642bbba30d86beb37242

    • SHA1

      69515a84159df9186bf7ebcfa4f8b645030b0858

    • SHA256

      d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416

    • SHA512

      9f4b681ec768d08091c437d07386ee3b05d3044cb57823aa7218aa2db36fbb95cff09067943ff98831c982964c4da127d7c8dbd5768643a74795cc486bdc0c84

    • SSDEEP

      98304:qExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nR/:qMby0Sruak17xwW

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks